chore: add compliance policies

policies/compliance/Win - Compliance - U - Defender for Endpoint.json

@@ -0,0 +1,43 @@
+{
+    "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
+    "displayName": "Win - Compliance - U - Defender for Endpoint",
+    "description": null,
+    "passwordRequired": false,
+    "passwordBlockSimple": false,
+    "passwordRequiredToUnlockFromIdle": false,
+    "passwordRequiredType": "deviceDefault",
+    "requireHealthyDeviceReport": false,
+    "earlyLaunchAntiMalwareDriverEnabled": false,
+    "bitLockerEnabled": false,
+    "secureBootEnabled": false,
+    "codeIntegrityEnabled": false,
+    "memoryIntegrityEnabled": false,
+    "kernelDmaProtectionEnabled": false,
+    "virtualizationBasedSecurityEnabled": false,
+    "firmwareProtectionEnabled": false,
+    "storageRequireEncryption": false,
+    "activeFirewallRequired": false,
+    "defenderEnabled": true,
+    "signatureOutOfDate": true,
+    "rtpEnabled": true,
+    "antivirusRequired": false,
+    "antiSpywareRequired": false,
+    "deviceThreatProtectionEnabled": false,
+    "deviceThreatProtectionRequiredSecurityLevel": "unavailable",
+    "configurationManagerComplianceRequired": false,
+    "tpmRequired": false,
+    "validOperatingSystemBuildRanges": [],
+    
+    // Scheduled Actions (MUST be included in the initial policy creation)
+    "scheduledActionsForRule": [
+        {
+            "ruleName": null,
+            "scheduledActionConfigurations": [
+                {
+                    "actionType": "block",
+                    "gracePeriodHours": 6
+                }
+            ]
+        }
+    ]
+}

policies/compliance/Win - Compliance - U - Device Security.json

@@ -0,0 +1,43 @@
+{
+    "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
+    "displayName": "Win - Compliance - U - Device Security",
+    "description": null,
+    "passwordRequired": false,
+    "passwordBlockSimple": false,
+    "passwordRequiredToUnlockFromIdle": false,
+    "passwordRequiredType": "deviceDefault",
+    "requireHealthyDeviceReport": false,
+    "earlyLaunchAntiMalwareDriverEnabled": false,
+    "bitLockerEnabled": false,
+    "secureBootEnabled": false,
+    "codeIntegrityEnabled": false,
+    "memoryIntegrityEnabled": false,
+    "kernelDmaProtectionEnabled": false,
+    "virtualizationBasedSecurityEnabled": false,
+    "firmwareProtectionEnabled": false,
+    "storageRequireEncryption": false,
+    "activeFirewallRequired": true,
+    "defenderEnabled": false,
+    "signatureOutOfDate": false,
+    "rtpEnabled": false,
+    "antivirusRequired": true,
+    "antiSpywareRequired": true,
+    "deviceThreatProtectionEnabled": false,
+    "deviceThreatProtectionRequiredSecurityLevel": "unavailable",
+    "configurationManagerComplianceRequired": false,
+    "tpmRequired": true,
+    "validOperatingSystemBuildRanges": [],
+    
+    // Scheduled Actions (MUST be included in the initial policy creation)
+    "scheduledActionsForRule": [
+        {
+            "ruleName": null,
+            "scheduledActionConfigurations": [
+                {
+                    "actionType": "block",
+                    "gracePeriodHours": 6
+                }
+            ]
+        }
+    ]
+}

policies/compliance/Win - Compliance - U - Password.json

@@ -0,0 +1,46 @@
+{
+    "@odata.type": "#microsoft.graph.windows10CompliancePolicy",
+    "displayName": "Win - Compliance - U - Password",
+    "description": null,
+    "passwordRequired": true,
+    "passwordBlockSimple": true,
+    "passwordRequiredToUnlockFromIdle": false,
+    "passwordRequiredType": "numeric",
+    "passwordMinimumLength": 8,
+    "passwordExpirationDays": null,
+    "passwordPreviousPasswordBlockCount": null,
+    "passwordMinimumCharacterSetCount": null,
+    "passwordMinutesOfInactivityBeforeLock": 15,
+    "requireHealthyDeviceReport": false,
+    "earlyLaunchAntiMalwareDriverEnabled": false,
+    "bitLockerEnabled": false,
+    "secureBootEnabled": false,
+    "codeIntegrityEnabled": false,
+    "memoryIntegrityEnabled": false,
+    "kernelDmaProtectionEnabled": false,
+    "virtualizationBasedSecurityEnabled": false,
+    "firmwareProtectionEnabled": false,
+    "storageRequireEncryption": false,
+    "activeFirewallRequired": false,
+    "defenderEnabled": false,
+    "signatureOutOfDate": false,
+    "rtpEnabled": false,
+    "antivirusRequired": false,
+    "antiSpywareRequired": false,
+    "deviceThreatProtectionEnabled": false,
+    "deviceThreatProtectionRequiredSecurityLevel": "unavailable",
+    "configurationManagerComplianceRequired": false,
+    "tpmRequired": false,
+    "validOperatingSystemBuildRanges": [],
+    "scheduledActionsForRule": [
+        {
+            "ruleName": "PasswordRequired",
+            "scheduledActionConfigurations": [
+                {
+                    "actionType": "block",
+                    "gracePeriodHours": 0
+                }
+            ]
+        }
+    ]
+}